ClamWin looks for viruses, but I don't know if anything is being done to "harden" ClamWin itself from attack by viruses. To minimize the effectiveness of such attacks, you might consider changing the name slightly of important files with each version so that virus writers couldn't target them for long. Also, what about some sort of valid internal "key" requirement before the program itself could be changed? The key could also be changed slightly with each version, but you could set up to use wild cards to maintain capability between versions, eh?